Re: [PATCH 1/1] file capabilities: clear fcaps on inode change (v2)

On Mon, 6 Aug 2007, Serge E. Hallyn wrote:

> +	err = security_inode_killpriv(out->f_path.dentry, LSM_NEED_LOCK);
> +	if (err)
> +		return err;
> +
>  	err = should_remove_suid(out->f_path.dentry);
>  	if (unlikely(err)) {
>  		mutex_lock(&inode->i_mutex);

It seems hackish to pass a needlock arg to an API, and that that we'll end 
up with some conceptually similar call-outs for both caps and setuid.

How about encapsulating this stuff so that there's something like:

	err = should_remove_privs();
	if (err)
		remove_privs();

with

void remove_privs()
{
	mutex_lock();
	__remove_privs();
	mutex_unlock();
}

and then __remove_privs() handles the logic for all file privileges, 
including at this stage suid and the LSM call for file caps ?

- James
-- 
James Morris
<[email protected]>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [PATCH 1/1] file capabilities: clear fcaps on inode change (v2)
  - From: "Serge E. Hallyn" <[email protected]>

References:
- [PATCH 1/1] file capabilities: clear fcaps on inode change (v2)
  - From: "Serge E. Hallyn" <[email protected]>

Prev by Date: Re: Disk spin down issue on shut down/suspend to disk
Next by Date: Re: [PATCH] remove strict ansi check from __u64 in asm/types.h
Previous by thread: Re: [PATCH 1/1] file capabilities: clear fcaps on inode change (v2)
Next by thread: Re: [PATCH 1/1] file capabilities: clear fcaps on inode change (v2)
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]